{
	"id": "a1c64bc9-8a16-479c-ab65-cf1712769d1b",
	"created_at": "2026-04-06T00:21:37.482682Z",
	"updated_at": "2026-04-10T13:12:35.12208Z",
	"deleted_at": null,
	"sha1_hash": "1d4f105ae38b3f8f7824840796b2b8e3d7e79c0a",
	"title": "Pony Stealer Malware | KnowBe4",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 118542,
	"plain_text": "Pony Stealer Malware | KnowBe4\r\nBy KnowBe4\r\nArchived: 2026-04-05 21:57:33 UTC\r\nPony Stealer is a password stealer that can decrypt or unlock passwords for over 110 different applications\r\nincluding VPN, FTP, email, instant messaging, web browsers and much more.  Pony Stealer is very dangerous and\r\nonce it infects a PC it will turn the device into a botnet, allowing it to use the PCs it infects to infect other PCs.\r\nPony Stealer, which is tied closely to Reveton worm, is also well-known for spreading malware, thanks to an e-mail campaign that was started in late 2014. The e-mail is supposedly sent from the shipping company Maersk\r\nLine. The writer of this e-mail informs potential victims that they have an overdue invoice from an account with\r\nthe company. The victims are then provided with a link to a PDF download so they can download the overdue\r\ninvoice and then pay for what they owe. Toward the end of the e-mail, victims are provided with phone numbers\r\nfor a “sales representative” and the Maersk customer service line—and both of these phone numbers have a\r\nVietnamese area code. In an effort to make the e-mail seem more legitimate, the writer provides the URL of\r\nMaersk’s official website.\r\nA quick inspection would reveal that, while Maersk does have a way to contact their Vietnamese branch, the\r\nphone number on their official website is completely different from the ones provided in the e-mail. Furthermore,\r\nin January 2014, Maersk warned their customers about the fraud, instructing them not to click the suspicious links\r\nin the e-mails and not to provide anyone with security information like account passwords.\r\nIs Your Network Vulnerable To Ransomware Attacks?\r\nhttps://www.knowbe4.com/pony-stealer\r\nPage 1 of 2\n\nFind out now with KnowBe4's Ransomware Simulator \"RanSim\", get your results in minutes.\r\nGet RanSim!\r\n« Back To Ransomware Knowledgebase\r\nSource: https://www.knowbe4.com/pony-stealer\r\nhttps://www.knowbe4.com/pony-stealer\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.knowbe4.com/pony-stealer"
	],
	"report_names": [
		"pony-stealer"
	],
	"threat_actors": [],
	"ts_created_at": 1775434897,
	"ts_updated_at": 1775826755,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/1d4f105ae38b3f8f7824840796b2b8e3d7e79c0a.pdf",
		"text": "https://archive.orkl.eu/1d4f105ae38b3f8f7824840796b2b8e3d7e79c0a.txt",
		"img": "https://archive.orkl.eu/1d4f105ae38b3f8f7824840796b2b8e3d7e79c0a.jpg"
	}
}